Julian Timm
2017-Jun-12 10:32 UTC
[Samba] Changing the IP Address of a Samba AD DC doesn't work - samba_dnsupdate crashes
Hello!
I've followed your tutorial to change the IP Address of our Samba AD DC:
https://wiki.samba.org/index.php/Changing_the_IP_Address_of_a_Samba_AD_DC
But the samba_dnsupdate tool always crashes with this output:
samba_dnsupdate --verbose
Unknown parameter encountered: "ks"
Ignoring unknown parameter "ks"
IPs: ['192.168.68.201']
Looking for DNS entry A mydomain.lan 192.168.68.201 as mydomain.lan.
Failed to find matching DNS entry A mydomain.lan 192.168.68.201
Looking for DNS entry A PDC.mydomain.lan 192.168.68.201 as PDC.mydomain.lan.
Failed to find matching DNS entry A PDC.mydomain.lan 192.168.68.201
Looking for DNS entry A gc._msdcs.mydomain.lan 192.168.68.201 as
gc._msdcs.mydomain.lan.
Failed to find matching DNS entry A gc._msdcs.mydomain.lan 192.168.68.201
Looking for DNS entry CNAME
43bd4564-2ae5-4e61-a5ee-f1c2e80e9c37._msdcs.mydomain.lan PDC.mydomain.lan as
43bd4564-2ae5-4e61-a5ee-f1c2e80e9c37._msdcs.mydomain.lan.
Looking for DNS entry SRV _kpasswd._tcp.mydomain.lan PDC.mydomain.lan 464 as
_kpasswd._tcp.mydomain.lan.
Checking 0 100 464 PDC.mydomain.lan. against SRV _kpasswd._tcp.mydomain.lan
PDC.mydomain.lan 464
Looking for DNS entry SRV _kpasswd._udp.mydomain.lan PDC.mydomain.lan 464 as
_kpasswd._udp.mydomain.lan.
Checking 0 100 464 PDC.mydomain.lan. against SRV _kpasswd._udp.mydomain.lan
PDC.mydomain.lan 464
Looking for DNS entry SRV _kerberos._tcp.mydomain.lan PDC.mydomain.lan 88 as
_kerberos._tcp.mydomain.lan.
Checking 0 100 88 PDC.mydomain.lan. against SRV _kerberos._tcp.mydomain.lan
PDC.mydomain.lan 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.mydomain.lan PDC.mydomain.lan
88 as _kerberos._tcp.dc._msdcs.mydomain.lan.
Checking 0 100 88 PDC.mydomain.lan. against SRV
_kerberos._tcp.dc._msdcs.mydomain.lan PDC.mydomain.lan 88
Looking for DNS entry SRV
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.lan PDC.mydomain.lan 88
as _kerberos._tcp.Default-First-Site-Name._sites.mydomain.lan.
Checking 0 100 88 PDC.mydomain.lan. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.lan PDC.mydomain.lan 88
Looking for DNS entry SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.lan
PDC.mydomain.lan 88 as
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.lan.
Checking 0 100 88 PDC.mydomain.lan. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.lan
PDC.mydomain.lan 88
Looking for DNS entry SRV _kerberos._udp.mydomain.lan PDC.mydomain.lan 88 as
_kerberos._udp.mydomain.lan.
Checking 0 100 88 PDC.mydomain.lan. against SRV _kerberos._udp.mydomain.lan
PDC.mydomain.lan 88
Looking for DNS entry SRV _ldap._tcp.mydomain.lan PDC.mydomain.lan 389 as
_ldap._tcp.mydomain.lan.
Checking 0 100 389 PDC.mydomain.lan. against SRV _ldap._tcp.mydomain.lan
PDC.mydomain.lan 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.mydomain.lan PDC.mydomain.lan 389
as _ldap._tcp.dc._msdcs.mydomain.lan.
Checking 0 100 389 PDC.mydomain.lan. against SRV
_ldap._tcp.dc._msdcs.mydomain.lan PDC.mydomain.lan 389
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.mydomain.lan PDC.mydomain.lan
3268 as _ldap._tcp.gc._msdcs.mydomain.lan.
Checking 0 100 3268 PDC.mydomain.lan. against SRV
_ldap._tcp.gc._msdcs.mydomain.lan PDC.mydomain.lan 3268
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.mydomain.lan PDC.mydomain.lan
389 as _ldap._tcp.pdc._msdcs.mydomain.lan.
Checking 0 100 389 PDC.mydomain.lan. against SRV
_ldap._tcp.pdc._msdcs.mydomain.lan PDC.mydomain.lan 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.mydomain.lan
PDC.mydomain.lan 389 as _ldap._tcp.Default-First-Site-Name._sites.mydomain.lan.
Checking 0 100 389 PDC.mydomain.lan. against SRV
_ldap._tcp.Default-First-Site-Name._sites.mydomain.lan PDC.mydomain.lan 389
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.lan
PDC.mydomain.lan 389 as
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.lan.
Checking 0 100 389 PDC.mydomain.lan. against SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.lan
PDC.mydomain.lan 389
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.lan
PDC.mydomain.lan 3268 as
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.lan.
Checking 0 100 3268 PDC.mydomain.lan. against SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.lan
PDC.mydomain.lan 3268
Looking for DNS entry SRV
_ldap._tcp.61911020-60b6-42e6-8e50-6addd34584df.domains._msdcs.mydomain.lan
PDC.mydomain.lan 389 as
_ldap._tcp.61911020-60b6-42e6-8e50-6addd34584df.domains._msdcs.mydomain.lan.
Checking 0 100 389 PDC.mydomain.lan. against SRV
_ldap._tcp.61911020-60b6-42e6-8e50-6addd34584df.domains._msdcs.mydomain.lan
PDC.mydomain.lan 389
Looking for DNS entry SRV _gc._tcp.mydomain.lan PDC.mydomain.lan 3268 as
_gc._tcp.mydomain.lan.
Checking 0 100 3268 PDC.mydomain.lan. against SRV _gc._tcp.mydomain.lan
PDC.mydomain.lan 3268
Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.mydomain.lan
PDC.mydomain.lan 3268 as _gc._tcp.Default-First-Site-Name._sites.mydomain.lan.
Checking 0 100 3268 PDC.mydomain.lan. against SRV
_gc._tcp.Default-First-Site-Name._sites.mydomain.lan PDC.mydomain.lan 3268
Looking for DNS entry A mydomain.lan 192.168.18.201 as mydomain.lan.
Looking for DNS entry A PDC.mydomain.lan 192.168.18.201 as PDC.mydomain.lan.
Looking for DNS entry A gc._msdcs.mydomain.lan 192.168.18.201 as
gc._msdcs.mydomain.lan.
Traceback (most recent call last):
File "/usr/sbin/samba_dnsupdate", line 621, in <module>
get_credentials(lp)
File "/usr/sbin/samba_dnsupdate", line 125, in get_credentials
raise e
RuntimeError: kinit for PDC$@mydomain.LAN failed (Cannot contact any KDC for
requested realm)
-> Old IP: 192.168.18.201
-> New IP: 192.168.18.201
Kinit failed because it still uses the old address.
We are using Ubuntu 14.04.5 with Samba 4.3.11.
How can i fix this problem?
Thanks for help!
Julian
Rowland Penny
2017-Jun-12 11:12 UTC
[Samba] Changing the IP Address of a Samba AD DC doesn't work - samba_dnsupdate crashes
On Mon, 12 Jun 2017 12:32:34 +0200 Julian Timm via samba <samba at lists.samba.org> wrote:> Hello! > > I've followed your tutorial to change the IP Address of our Samba AD > DC: > https://wiki.samba.org/index.php/Changing_the_IP_Address_of_a_Samba_AD_DC > > But the samba_dnsupdate tool always crashes with this output: > > samba_dnsupdate --verbose > Unknown parameter encountered: "ks" > Ignoring unknown parameter "ks" > IPs: ['192.168.68.201']Can you post your smb.conf, this way we can see what 'ks' is and if it is part of your problem.> Looking for DNS entry A mydomain.lan 192.168.68.201 as mydomain.lan. > Failed to find matching DNS entry A mydomain.lan 192.168.68.201 > Looking for DNS entry A PDC.mydomain.lan 192.168.68.201 as > PDC.mydomain.lan. Failed to find matching DNS entry A > PDC.mydomain.lan 192.168.68.201 Looking for DNS entry A > gc._msdcs.mydomain.lan 192.168.68.201 as gc._msdcs.mydomain.lan. > Failed to find matching DNS entry A gc._msdcs.mydomain.lan > 192.168.68.201 > as PDC.mydomain.lan. Looking for DNS entry A gc._msdcs.mydomain.lan > 192.168.18.201 as gc._msdcs.mydomain.lan. Traceback (most recent call > last): File "/usr/sbin/samba_dnsupdate", line 621, in <module> > get_credentials(lp) File "/usr/sbin/samba_dnsupdate", line 125, in > get_credentials raise e RuntimeError: kinit for PDC$@mydomain.LAN > failed (Cannot contact any KDC for requested realm) > > -> Old IP: 192.168.18.201 > -> New IP: 192.168.18.201Those IPs match> > Kinit failed because it still uses the old address. > > We are using Ubuntu 14.04.5 with Samba 4.3.11. >Is this a domain with only one DC ? Is there any way you can upgrade Samba ? Rowland
Julian Timm
2017-Jun-12 12:33 UTC
[Samba] Changing the IP Address of a Samba AD DC doesn't work - samba_dnsupdate crashes
Thanks for your reply Rowland!
1.
Here is my smb.conf
---
# Global parameters
[global]
interfaces = eth0
workgroup = MYDOMAIN
realm = mydomain.lan
netbios name = PDC
server string = PDC
server role = active directory domain controller
passdb backend = samba4
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
# Kerberos Ticket Lifetime Einstellungen
kdc:service ticket lifetime = 24
kdc:user ticket lifetime = 24
kdc:renewal lifetime = 120
# Sonstige Optionen
hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/$RECYCLE.BIN
reset on zero vc = yes
# Druckserver Optionen
load printers = yes
spoolss: architecture = Windows x64
rpc_server:spoolss = external
rpc_daemon:spoolssd = fork
# System-Freigaben
[netlogon]
path = /var/lib/samba/sysvol/mydomain.lan/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
# Benutzer-Freigaben, Programme und Daten
[Benutzer]
path = /volumes/HDD1/Benutzer
read only = No
oplocks = No
level2 oplocks = No
[Profile]
path = /volumes/HDD1/Profile
read only = No
oplocks = No
level2 oplocks = No
[Programme]
path = /volumes/HDD1/Programme
read only = No
ks = No
[Datenaustausch]
path = /volumes/HDD1/Datenaustausch
read only = No
[Install]
path = /volumes/HDD1/Install
read only = No
;; map = Z: () (Domain Admins) ()
# Drucker-Freigaben
[printers]
comment = All Printers
path = /var/spool/samba
browseable = Yes
read only = No
printable = Yes
printing = CUPS
[print$]
comment = Point and Print Printer Drivers
path = /var/lib/samba/printers
writeable = yes
---
1. I mean: Old IP: 192.168.18.201 - New IP: 192.168.68.201 (i did just copy and
paste and forget to change the ip)
2. I see that "ks" is a typo in my smb.conf! It should be
"oplocks = no"! I'will change that!
3. Yes this is a domain with only one DC
4. At the moment i've no time to update the server to a newer Ubuntu/Samba
version, so i hope we can get this work with Ubuntu 14.04.5
> Gesendet: Montag, 12. Juni 2017 um 13:12 Uhr
> Von: "Rowland Penny via samba" <samba at lists.samba.org>
> An: samba at lists.samba.org
> Betreff: Re: [Samba] Changing the IP Address of a Samba AD DC doesn't
work - samba_dnsupdate crashes
>
> On Mon, 12 Jun 2017 12:32:34 +0200
> Julian Timm via samba <samba at lists.samba.org> wrote:
>
> > Hello!
> >
> > I've followed your tutorial to change the IP Address of our Samba
AD
> > DC:
> >
https://wiki.samba.org/index.php/Changing_the_IP_Address_of_a_Samba_AD_DC
> >
> > But the samba_dnsupdate tool always crashes with this output:
> >
> > samba_dnsupdate --verbose
> > Unknown parameter encountered: "ks"
> > Ignoring unknown parameter "ks"
> > IPs: ['192.168.68.201']
>
> Can you post your smb.conf, this way we can see what 'ks' is and if
it
> is part of your problem.
>
> > Looking for DNS entry A mydomain.lan 192.168.68.201 as mydomain.lan.
> > Failed to find matching DNS entry A mydomain.lan 192.168.68.201
> > Looking for DNS entry A PDC.mydomain.lan 192.168.68.201 as
> > PDC.mydomain.lan. Failed to find matching DNS entry A
> > PDC.mydomain.lan 192.168.68.201 Looking for DNS entry A
> > gc._msdcs.mydomain.lan 192.168.68.201 as gc._msdcs.mydomain.lan.
> > Failed to find matching DNS entry A gc._msdcs.mydomain.lan
> > 192.168.68.201
> > as PDC.mydomain.lan. Looking for DNS entry A gc._msdcs.mydomain.lan
> > 192.168.18.201 as gc._msdcs.mydomain.lan. Traceback (most recent call
> > last): File "/usr/sbin/samba_dnsupdate", line 621, in
<module>
> > get_credentials(lp) File "/usr/sbin/samba_dnsupdate", line
125, in
> > get_credentials raise e RuntimeError: kinit for PDC$@mydomain.LAN
> > failed (Cannot contact any KDC for requested realm)
> >
> > -> Old IP: 192.168.18.201
> > -> New IP: 192.168.18.201
>
> Those IPs match
>
> >
> > Kinit failed because it still uses the old address.
> >
> > We are using Ubuntu 14.04.5 with Samba 4.3.11.
> >
>
> Is this a domain with only one DC ?
>
> Is there any way you can upgrade Samba ?
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
Garming Sam
2017-Jun-12 23:32 UTC
[Samba] Changing the IP Address of a Samba AD DC doesn't work - samba_dnsupdate crashes
Hi, It seems like hardcoding the new address in your /etc/krb5.conf might work. Upgrading should make this more reliable, but a conf change might be all you need for now. Cheers, Garming On 12/06/17 22:32, Julian Timm via samba wrote:> Hello! > > I've followed your tutorial to change the IP Address of our Samba AD DC: > https://wiki.samba.org/index.php/Changing_the_IP_Address_of_a_Samba_AD_DC > > But the samba_dnsupdate tool always crashes with this output: > > samba_dnsupdate --verbose > Unknown parameter encountered: "ks" > Ignoring unknown parameter "ks" > IPs: ['192.168.68.201'] > Looking for DNS entry A mydomain.lan 192.168.68.201 as mydomain.lan. > Failed to find matching DNS entry A mydomain.lan 192.168.68.201 > Looking for DNS entry A PDC.mydomain.lan 192.168.68.201 as PDC.mydomain.lan. > Failed to find matching DNS entry A PDC.mydomain.lan 192.168.68.201 > Looking for DNS entry A gc._msdcs.mydomain.lan 192.168.68.201 as gc._msdcs.mydomain.lan. > Failed to find matching DNS entry A gc._msdcs.mydomain.lan 192.168.68.201 > Looking for DNS entry CNAME 43bd4564-2ae5-4e61-a5ee-f1c2e80e9c37._msdcs.mydomain.lan PDC.mydomain.lan as 43bd4564-2ae5-4e61-a5ee-f1c2e80e9c37._msdcs.mydomain.lan. > Looking for DNS entry SRV _kpasswd._tcp.mydomain.lan PDC.mydomain.lan 464 as _kpasswd._tcp.mydomain.lan. > Checking 0 100 464 PDC.mydomain.lan. against SRV _kpasswd._tcp.mydomain.lan PDC.mydomain.lan 464 > Looking for DNS entry SRV _kpasswd._udp.mydomain.lan PDC.mydomain.lan 464 as _kpasswd._udp.mydomain.lan. > Checking 0 100 464 PDC.mydomain.lan. against SRV _kpasswd._udp.mydomain.lan PDC.mydomain.lan 464 > Looking for DNS entry SRV _kerberos._tcp.mydomain.lan PDC.mydomain.lan 88 as _kerberos._tcp.mydomain.lan. > Checking 0 100 88 PDC.mydomain.lan. against SRV _kerberos._tcp.mydomain.lan PDC.mydomain.lan 88 > Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.mydomain.lan PDC.mydomain.lan 88 as _kerberos._tcp.dc._msdcs.mydomain.lan. > Checking 0 100 88 PDC.mydomain.lan. against SRV _kerberos._tcp.dc._msdcs.mydomain.lan PDC.mydomain.lan 88 > Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.mydomain.lan PDC.mydomain.lan 88 as _kerberos._tcp.Default-First-Site-Name._sites.mydomain.lan. > Checking 0 100 88 PDC.mydomain.lan. against SRV _kerberos._tcp.Default-First-Site-Name._sites.mydomain.lan PDC.mydomain.lan 88 > Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.lan PDC.mydomain.lan 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.lan. > Checking 0 100 88 PDC.mydomain.lan. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.lan PDC.mydomain.lan 88 > Looking for DNS entry SRV _kerberos._udp.mydomain.lan PDC.mydomain.lan 88 as _kerberos._udp.mydomain.lan. > Checking 0 100 88 PDC.mydomain.lan. against SRV _kerberos._udp.mydomain.lan PDC.mydomain.lan 88 > Looking for DNS entry SRV _ldap._tcp.mydomain.lan PDC.mydomain.lan 389 as _ldap._tcp.mydomain.lan. > Checking 0 100 389 PDC.mydomain.lan. against SRV _ldap._tcp.mydomain.lan PDC.mydomain.lan 389 > Looking for DNS entry SRV _ldap._tcp.dc._msdcs.mydomain.lan PDC.mydomain.lan 389 as _ldap._tcp.dc._msdcs.mydomain.lan. > Checking 0 100 389 PDC.mydomain.lan. against SRV _ldap._tcp.dc._msdcs.mydomain.lan PDC.mydomain.lan 389 > Looking for DNS entry SRV _ldap._tcp.gc._msdcs.mydomain.lan PDC.mydomain.lan 3268 as _ldap._tcp.gc._msdcs.mydomain.lan. > Checking 0 100 3268 PDC.mydomain.lan. against SRV _ldap._tcp.gc._msdcs.mydomain.lan PDC.mydomain.lan 3268 > Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.mydomain.lan PDC.mydomain.lan 389 as _ldap._tcp.pdc._msdcs.mydomain.lan. > Checking 0 100 389 PDC.mydomain.lan. against SRV _ldap._tcp.pdc._msdcs.mydomain.lan PDC.mydomain.lan 389 > Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.mydomain.lan PDC.mydomain.lan 389 as _ldap._tcp.Default-First-Site-Name._sites.mydomain.lan. > Checking 0 100 389 PDC.mydomain.lan. against SRV _ldap._tcp.Default-First-Site-Name._sites.mydomain.lan PDC.mydomain.lan 389 > Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.lan PDC.mydomain.lan 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.lan. > Checking 0 100 389 PDC.mydomain.lan. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.lan PDC.mydomain.lan 389 > Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.lan PDC.mydomain.lan 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.lan. > Checking 0 100 3268 PDC.mydomain.lan. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.lan PDC.mydomain.lan 3268 > Looking for DNS entry SRV _ldap._tcp.61911020-60b6-42e6-8e50-6addd34584df.domains._msdcs.mydomain.lan PDC.mydomain.lan 389 as _ldap._tcp.61911020-60b6-42e6-8e50-6addd34584df.domains._msdcs.mydomain.lan. > Checking 0 100 389 PDC.mydomain.lan. against SRV _ldap._tcp.61911020-60b6-42e6-8e50-6addd34584df.domains._msdcs.mydomain.lan PDC.mydomain.lan 389 > Looking for DNS entry SRV _gc._tcp.mydomain.lan PDC.mydomain.lan 3268 as _gc._tcp.mydomain.lan. > Checking 0 100 3268 PDC.mydomain.lan. against SRV _gc._tcp.mydomain.lan PDC.mydomain.lan 3268 > Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.mydomain.lan PDC.mydomain.lan 3268 as _gc._tcp.Default-First-Site-Name._sites.mydomain.lan. > Checking 0 100 3268 PDC.mydomain.lan. against SRV _gc._tcp.Default-First-Site-Name._sites.mydomain.lan PDC.mydomain.lan 3268 > Looking for DNS entry A mydomain.lan 192.168.18.201 as mydomain.lan. > Looking for DNS entry A PDC.mydomain.lan 192.168.18.201 as PDC.mydomain.lan. > Looking for DNS entry A gc._msdcs.mydomain.lan 192.168.18.201 as gc._msdcs.mydomain.lan. > Traceback (most recent call last): > File "/usr/sbin/samba_dnsupdate", line 621, in <module> > get_credentials(lp) > File "/usr/sbin/samba_dnsupdate", line 125, in get_credentials > raise e > RuntimeError: kinit for PDC$@mydomain.LAN failed (Cannot contact any KDC for requested realm) > > -> Old IP: 192.168.18.201 > -> New IP: 192.168.18.201 > > Kinit failed because it still uses the old address. > > We are using Ubuntu 14.04.5 with Samba 4.3.11. > > How can i fix this problem? > > Thanks for help! > > Julian >
Reasonably Related Threads
- Fresh ad installation - Win2022 can't join
- dns_tkey_gssnegotiate: TKEY is unacceptable
- Authentication to Secondary Domain Controller initially fails when PDC is offline
- Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
- I can't join the new AD server with Samba4